

Malware Hunters

alvarnell last won the day on November 29 2020

alvarnell had the most liked content!

Community Reputation

30 Excellent


About alvarnell

  • Rank
    Macintosh Guru

Profile Information

  • Location
    Mountain View, CA, USA
  • Interests
    Honorary Member
    Macintosh computing, Mac malware analysis and prevention. USA(Ret) 1963-91.


  1. You can file a ticket, but it can take over a week for them to get back to you as they have a huge backlog. You'll have a better chance here when they come to work in six hours or so.
  2. Would think so, too. I suspect the staff will have you download a tool to gather some information about your setup and submit the results directly to them. I'm sure they are as anxious to get to the bottom of this as you are.
  3. Did you check for Profiles? Profiles can be found by opening System Preferences, then clicking the Profiles icon. (If there isn’t a Profiles icon, you don’t have any profiles installed, which is normal.)
  4. Perhaps you could let Apple know of your disappointment. Unfortunately they will only allow software for iOS devices to be downloaded and paid through them. All developers are saddled with this issue.
  5. Please post a screen-shot of that pop up window. Sounds like it's coming from macOS Gatekeeper, but I'd like to be certain. Check your /Applications folder for any app named "ManagerAnalogd". If you find it please upload it to https://forums.malwarebytes.com/forum/193-newest-mac-threats/ and then drag it to the trash. Open Safari Preferences->Extensions and Uninstall any that you don't recognize. Then see this item pinned to the top of the forum for information that should fix your search engine:
  6. The purpose of this forum is so users can submit suspected malware files for analysis by Malware Hunters and the Malwarebytes Lab staff. There is a lengthy discussion of Silver Sparrow in the Mac Malware Removal & Support forum at
  7. I suspect then that you had not read my second posting when you asked.
  8. Sorry, I thought I had made that clear above. Those signatures were updated a few days ago, while it was still being examined by several individuals, including those in Malwarebytes Lab. As stated earlier, I have verified the presence of at least two signatures and I would guess there are more that I can't verify yet without a sample.
  9. You left off the beginning of that statement, which was really about two different scenarios. Any malware developer that compiles their code using the current version of Xcode will automatically get Apple Silicon code that runs natively on M1 Macs. So the fact that there are at least two such malware samples out there today shouldn't really surprise us. Also, anybody with an M1 Mac that tries to run an app or process that was compiled for use on an Intel Mac only will be offered the opportunity to download an Apple process known as Rosetta 2. That process will add Apple Silicon code
  10. Probably, for now, but the media is making way too much of it. At this point in time, it doesn't appear to even be harmful to Mac users, but that could quickly change. Any malware that is compiled today using the latest Xcode will produce the code necessary for it to work on the new M1 Macs and most intel86 only code will run on an M1 Mac thanks to Rosetta 2, so I don't understand what the big deal is that we are finding M1 malware now.
  11. I concur with @brcd's advice. I don't know of any anti-malware software that needs to be disabled in order to download a macOS update. And when you launch the update, it simply sets things up for the installation, shuts down all active processes and reboots before any actual installation takes place, so it matters not what is left running before hitting the Install button. One additional word of advice is to unplug all external drives and other devices except for mouse/trackball and keyboard. Users find that things go smoother that way.
  12. Sorry I wasn't clear. Yes, Raw Source is what you would need to look at, specifically any URLs shown as being "src=" meaning source. Those are links to the remote images that display in illustrated emails if you allow. All images are rendered on your screen as collections of pixels, but there is no way to determine in advance exactly what that image will look like. There might be clues in the html code on its size and exactly where in the email it will appear, but nothing else beyond that. Perhaps I could be a bit clearer if I understood exactly why you are asking "Is there any chance t
  13. @brcd a thorough examination of the raw html data will reveal the source of such a pixel, although you won't know what it is or how big unless you access it. That's why it is recommended that you not load remote images automatically in Apple Mail and only allow remote images when you trust the source and need to see them.
  14. From the horse's mouth: https://objective-see.com/blog/blog_0x62.html Malwarebytes doesn't find it yet, but the signature was revoked by Apple so it's harmless.
  15. Without having access to the headers of that email, I can only guess that it is simply a random address used by the sender. From everything you have said any malware associated with that email was Windows only and your friend has taken care of the problem at their end, so there should be no need for further considerations by you. In the future you can upload such emails to the Research Center forum for Newest Mac Threats to have the Malware Hunters and staff take a look at it. You might also find SpamCop useful in determining the true sender.